Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Products
CVE-2025-1012

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
4 February 2025

Summary

A race condition during concurrent delazification in Mozilla Firefox and Thunderbird can result in a use-after-free scenario. This flaw occurs when specific versions of these products process certain memory operations simultaneously, leading to unpredictable behavior and potential exploitation. Users of Firefox versions earlier than 135 and specific versions of Firefox ESR and Thunderbird should be aware of this vulnerability and consider updating to secure versions available to mitigate possible risks.

Affected Version(s)

Firefox < 135

Firefox ESR < 115.20

Firefox ESR < 128.7

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1939710
https://www.mozilla.org/security/advisories/mfsa2025-07/
https://www.mozilla.org/security/advisories/mfsa2025-08/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nils Bars
.